Claims : 

1 \ 1* A system for copy protecting information, the 

2 system comprising: 

3 \ ^ point of deployment module; and 

4 \ a set-top box including; 

5 Vherein the set-top box transmits a request message 

6 for inVormation, the point of deployment module generates 

7 a replyXmessage which includes at least one control 

8 informatk)n pair, relating to the information, each 

9 control information pair having copy control information 

10 and a streab identifier, respectively generating a first 

11 in the pointXof deployment module and a second key in the 

12 set-top box, \ising the at least one control information 

13 pair, and the Roint of deployment module encrypting the 

14 information witX the first shared key and transmitting the 

15 encrypted information to the set-top box, and the set-top 

16 box decrypting thA encrypted information with the second 

17 shared key when th^first and second shared keys match. 

18 \ 

1 2. A method of Vopy protecting information 

2 transmitted between a deployment module and a host device, 

3 the method comprising t\e steps of: 

4 (a) transmitting a Request message for the 

5 information from the host\device to the deployment module; 

6 (b) transmitting a reAly message from the deployment 

7 module to the host device, wierein the reply message 

8 includes at least one controA information pair, each pair 

9 having a copy control informatVon and a stream identifier; 
1^ (c) generating a first sha\ed key at the host and a 

11 second shared key at the deploymd^nt module, respectively. 
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using^the at least one control information pair and an 
encryi^tion means; 

(d\ encrypting, in the deployment module, the 
information; 

(e) ^ansmitting the encrypted information from the 
deployment Viodule to the host; 

(f) decrypting, at the host, the encrypted 
information; amd 

(g) receiving the information at the host when the 
first and secona shared keys match. 

3. The metho>d of claim 2, wherein the deployment 
module is a point oV deployment module. 

4. The method o^ claim 2, wherein the host is a set- 
top box, 

5. The method of cla\m 2, wherein the encryption 
means includes a hash function. 

6. The method of claim 2\ wherein the encrypted 
information in an elementary stream of information is 
encrypted with the first shared\key, 

7. The method of claim 6, whWein the stream 
identifier that is transmitted to khe host is incorporated 
with the Packetized Elementary Stream (PES) header of the 
elementary stream, 

8. A deployment module for use wr^h a host device, 
the deployment module comprising; 
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3 means for communicating with the host device; and 

4 a processor for, in response to a request message for 

5 information from the host device, generating a reply 

6 message ta the host device, the reply message including at 

7 least one qpntrol information pair, each pair having copy 

8 control information and a stream identifier, generating a 

9 first shared\key using the at least one control 

10 information pair, encrypting the information with the 

11 first shared kW and transmitting the encrypted 

12 information to Vthe host device. 

13 \ 

1 9. The depldwnent module of claim 8, wherein the 

2 deployment moduleXis selected from the group consisting of 

3 a point of deployment module, wireless data interface 

4 appliance, smartcarffl, personal computer or internet 

5 interface appliance. \ 

6 \ 

1 10. The deployment module of claim 9, wherein the 

2 host device is a set-tob box. 

3 \ 

1 11. The deployment rrbdule of claim 10, wherein the 

2 encrypted information is ^ansmitted to the host device 

3 using a transport stream, wherein the transport stream 

4 includes at least one elementary stream. 

5 \ 

1 12. The deployment moduleXof claim 11, wherein 

2 respective ones of the at least\one control information 

3 pairs is associated with respective ones of the at least 

4 one elementary streams. \ 

5 \ 

1 13. A host device for use with a deployment module. 
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2 the hoat device comprising: 

3 itieajis for communicating with the deployment module; 

4 and \ 

5 a processor for generating a request message for 

6 informatioA to the deployment module, and in response, 

7 receiving a Veply message from the deployment module, 

8 wherein the rVply message includes at least one control 

9 information pa\r, each pair having copy control 

10 information and^ stream identifier, generating a second 

11 shared key using Vhe at least one control information 

12 pair, and decryptmg encrypted information, received from 

13 the deployment moduVe, with the second shared key, and 

14 receiving the information when the second shared key 

15 matches a first shared key generated in the deployment 

16 module, \ 

17 \ 

1 14. The host devic4 of claim 13, wherein the 

2 deployment module is selected from the group consisting of 

3 a point of deployment module, wireless data interface 

4 appliance, smartcard, persoXal computer or internet 

5 interface appliance. \ 

6 \ 

1 15. The host device of alaim 14, wherein the host 

2 device is a set- top box. \ 

3 \ 

1 16. The host device of claim\l3, wherein the received 

2 encrypted information is included Vn a transport stream, 

3 wherein the transport stream includes at least one 

4 elementary stream. \ 

5 \ 

1 17. The deployment module of claim 16, wherein 
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2 respective ones of the at least one control information 

3 pairs is assAciated with respective ones of the at least 

4 one eleinentar\ streams * 
5 
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